A Thread Border Router connects a Thread network to other IP-based networks, such as Wi-Fi or Ethernet. A Thread network requires a Border Router to connect to other networks.
A Thread Border Router minimally supports the following functions:
- Bidirectional IP connectivity between Thread and Wi-Fi/Ethernet networks.
- Bidirectional service discovery via mDNS (on a Wi-Fi/Ethernet link) and SRP (on a Thread network).
- Thread-over-infrastructure that merges Thread partitions over IP-based links.
- External Thread Commissioning (for example, a mobile phone) to authenticate and join a Thread device to a Thread network.
OpenThread's implementation of a Border Router is called OpenThread Border Router (OTBR), supporting a Radio Co-Processor (RCP) design. When choosing your platform, consider the following benefits of using RCP:
- More resources: OpenThread can take advantage of the host processor's resources, which is typically much more than what an 802.15.4 SoC provides.
- More cost effective: minimize resource requirements on the 802.15.4 SoC, which can lead to a more cost-effective solution.
- Easier to debug: since most of the processing happens on the host processor, you can utilize more capable debugging tools on the host processor.
- More stable 802.15.4 SoC firmware: the RCP only implements the sub-MAC and PHY, reducing the frequency at which the 802.15.4 SoC needs firmware updates.
- Easier integration with host IPv6 network stack: having OpenThread run on the host allows for more direct integration with the host IPv6 stack.
Features and services
OTBR includes a number of features, including:
- Web GUI for configuration and management
- Thread Border Agent to support external commissioning
- DHCPv6 Prefix Delegation to obtain IPv6 prefixes for a Thread network
- NAT64 for connecting to IPv4 networks
- DNS64 to allow Thread devices to initiate communications by name to an IPv4-only server
- Thread interface driver using OpenThread's built-in feature
- Docker support
Border Router services
OTBR provides the following services:
- mDNS Publisher — Allows an External Commissioner to discover an OTBR and its associated Thread network
- PSKc Generator — For generation of PSKc keys
- Web Service — Web UI for management of a Thread network
Third-party components for Border Router Services include Simple Web Server and Material Design Lite for the framework of the web UI.
OTBR firewall
OTBR uses iptables
and ipset
to implement the following ingress
filtering rules:
- Block inbound packets initiated with On-Link address sources, for example Off-Mesh Routable (OMR) and Mesh-Local prefix based addresses.
- Block inbound unicast packets whose destination address is not an OMR address or a Domain Unicast Address (DUA).
- Block inbound unicast packets whose source address or destination address is Link-Local. Note that this rule is handled by the kernel and not explicitly set.